
Monday, December 14, 2015

The Ultimate Wireless Firewall: Networks That Don’t Connect

By: John Shepler

Network security has become a major concern of any business that connects to the Internet. Hardly a day goes by that we don’t see another announcement of a company that has been breached. We may be seeing only the tip of that iceberg. The public reports tend to be about companies that have their customer information compromised, especially credit card numbers. Other businesses might discover intrusions that don’t affect their customers and may elect to remain mum simply to avoid the embarrassment and bad press.

Who Can Afford Cyber Security?
The result of all this hacking and cyber warfare is that IT departments have gone on high alert. If they are going to stay connected to the Internet, they have no choice but to pay up for security appliances and cloud-based network security. But what about small and medium-sized businesses? Can your typical doctor’s office or restaurant really afford to pay for cyber defense?

Common Sense Measures
Certainly, any independent professional or small business can take the basic common sense steps to keep casual snoops and hackers scanning for low hanging fruit out of their networks. Nearly every router also includes a firewall function and encryption for Wi-Fi access. Anyone who neglects to change the default login and password and enable the highest level of encryption their equipment will handle is just too naive for words.

Public Access Is Always Vulnerable
Even so, there are still those lingering doubts that the network is protected. When you unlock Wi-Fi access so that customers can use your hotspot, you run two risks. First, you open a vulnerability. The vast majority of your customers will only use the broadband access as a convenience. They’re not out to cause you trouble. But… there are characters with malicious software on their laptops who can sit themselves down and troll other customers or try to break into your network. Wi-Fi doesn’t stop at the door these days, so they may be parked outside or even sitting a block away.

Wired Only?
The safest solution is to only use wired access inside the business and avoid Wi-Fi altogether. That may really limit you and your employees by ruling out any portable and mobile devices. The next step up is to have a Wi-Fi router but lock it for employee use only. That leaves customers and guests frustrated, since they’d like to use their tablets while waiting.

Will a Firewall Work?
Is it sufficient to simply install a firewall between your business network and your public-facing Wi-Fi hotspot? The idea makes a lot of business owners nervous. It’s hard to tell, especially when you don’t have a full-time IT department watching everything, whether you are truly protected or not. Consequently, they opt for either locking down their wireless network or not having one at all.

The Two Network Solution
Here’s another approach. Install TWO networks instead of one. The first is your internal business network. This can be high performance Ethernet over Copper or Fiber Optic WAN bandwidth. It might not even connect to the Internet. Either way, connect only your own equipment to this network. If you have wireless access, lock it down. Then order a second Internet connection. This one is for your customers and does not need the performance characteristics of your primary network. A good choice for many small and medium businesses who deal with the public is cable broadband, just like they have at home.

Why Cable Broadband?
The beauty of cable broadband is that it is inexpensive, even for business locations. You get decent bandwidth levels of 10 to 100 Mbps and it's pretty reliable these days. There’s a bonus for businesses with customer waiting areas. You can bundle cable TV service with your broadband for little extra cost. You may want the TV service anyway. Why not add Internet broadband as an extra convenience?

Keep 'em Apart
Here’s what you don’t do. You NEVER connect your business network with your customer network. They remain completely separate. If you get them from different providers and keep the wires apart, there is no chance of an interconnection. If someone sits outside at night and steals your broadband signal or tries to break into the public wireless network, they won’t get far. It doesn't really connect to anything other than the Internet.

What About Your Primary Internet Access?
Most organizations do need some type of Internet access to acquire information, place orders and connect with their customers. If your main business network is not strictly internal to your company, you still need network security between your LAN and the Internet. If you have the expertise on-board, you may be able to install and manage your own firewalls. Most smaller and medium size companies will find it more cost effective to order managed security in the cloud. WAN bandwidth providers who offer this option have the necessary expertise in-house and available 24/7.

For Emergencies Only
I know. There’s a temptation to use that second network for business purposes if your primary network runs out of capacity or suffers an outage. Be very careful. In such an emergency, you may wish to disconnect the public Wi-Fi hotspot or lock it to prevent any but employee access.
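The separation described under "Keep 'em Apart" only holds while no machine is attached to both networks, which is exactly what tends to happen during the emergency use described above. The following audit is an added example, not part of the original article: it reads `ip -o -4 addr show` output collected from each machine and flags any host with an address on both networks. The subnets, host names and sample output are constructed assumptions.

```python
import ipaddress

# Assumed address plan (not from the article); substitute your own subnets.
BUSINESS_NET = ipaddress.ip_network("192.168.10.0/24")
GUEST_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample: `ip -o -4 addr show` output gathered from three machines.
SAMPLE_INVENTORY = {
    "front-desk-pc": (
        "1: lo    inet 127.0.0.1/8 scope host lo\n"
        "2: eth0    inet 192.168.10.21/24 brd 192.168.10.255 scope global eth0\n"
    ),
    "lobby-kiosk": (
        "1: lo    inet 127.0.0.1/8 scope host lo\n"
        "3: wlan0    inet 10.20.0.57/24 brd 10.20.0.255 scope global wlan0\n"
    ),
    # Plugged into the office switch AND joined to the guest hotspot.
    "back-office-laptop": (
        "1: lo    inet 127.0.0.1/8 scope host lo\n"
        "2: eth0    inet 192.168.10.34/24 brd 192.168.10.255 scope global eth0\n"
        "3: wlan0    inet 10.20.0.88/24 brd 10.20.0.255 scope global wlan0\n"
    ),
}


def zones_for_host(ip_output):
    """Map each zone a host touches to the interfaces that touch it."""
    zones = {}
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet":
            continue  # skip anything that is not an IPv4 address line
        addr = ipaddress.ip_interface(fields[3]).ip
        if addr in BUSINESS_NET:
            zones.setdefault("business", []).append(fields[1])
        elif addr in GUEST_NET:
            zones.setdefault("guest", []).append(fields[1])
    return zones


def find_bridging_hosts(inventory):
    """Return {host: zones} for machines attached to both networks at once."""
    flagged = {}
    for host, ip_output in inventory.items():
        zones = zones_for_host(ip_output)
        if "business" in zones and "guest" in zones:
            flagged[host] = zones
    return flagged


if __name__ == "__main__":
    for host, zones in find_bridging_hosts(SAMPLE_INVENTORY).items():
        print(f"{host}: business via {zones['business']}, guest via {zones['guest']}")
```

A flagged machine does not need routing enabled to matter: anything that compromises it from the guest side can reach the business side from it.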

Do you need point to point WAN bandwidth, primary dedicated Internet access or separate customer-facing hotspot bandwidth? How about managed security for your company? If so, find out what secure network solutions are available and appropriate for your size business.
